Lucene search

RedhatCVE-2018-1059

HistoryApr 24, 2018 - 6:29 p.m.

CVE-2018-1059

2018-04-2418:29:00

CWE-200

redhat

web.nvd.nist.gov

dpdk

vhost-user

cve-2018-1059

nvd

security

memory exposure

vulnerability

guest physical addresses

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

51.6%

JSON

The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable.

Affected configurations

Nvd

Vulners

Node

canonicalubuntu_linuxMatch17.10

canonicalubuntu_linuxMatch18.04lts

Node

redhatceph_storageMatch3.0

redhatenterprise_linux_fast_datapathMatch7.0

redhatopenshiftMatch3.0enterprise

redhatopenstackMatch8

redhatopenstackMatch9

redhatopenstackMatch10

redhatopenstackMatch11

redhatopenstackMatch12

redhatvirtualizationMatch4.0

redhatvirtualizationMatch4.1

redhatvirtualization_managerMatch4.1

redhatenterprise_linuxMatch7.0

Node

dpdkdata_plane_development_kitRange<18.02.1

VendorProductVersionCPE
canonicalubuntu_linux17.10cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
redhatceph_storage3.0cpe:2.3:a:redhat:ceph_storage:3.0:*:*:*:*:*:*:*
redhatenterprise_linux_fast_datapath7.0cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:*:*:*:*:*:*:*
redhatopenshift3.0cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*
redhatopenstack8cpe:2.3:a:redhat:openstack:8:*:*:*:*:*:*:*
redhatopenstack9cpe:2.3:a:redhat:openstack:9:*:*:*:*:*:*:*
redhatopenstack10cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
redhatopenstack11cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*
redhatopenstack12cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
canonical	ubuntu_linux	17.10	cpe:2.3:o:canonical:ubuntu_linux:17.10:::::::*
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
redhat	ceph_storage	3.0	cpe:2.3:a:redhat:ceph_storage:3.0:::::::*
redhat	enterprise_linux_fast_datapath	7.0	cpe:2.3:a:redhat:enterprise_linux_fast_datapath:7.0:::::::*
redhat	openshift	3.0	cpe:2.3:a:redhat:openshift:3.0::::enterprise:::
redhat	openstack	8	cpe:2.3:a:redhat:openstack:8:::::::*
redhat	openstack	9	cpe:2.3:a:redhat:openstack:9:::::::*
redhat	openstack	10	cpe:2.3:a:redhat:openstack:10:::::::*
redhat	openstack	11	cpe:2.3:a:redhat:openstack:11:::::::*
redhat	openstack	12	cpe:2.3:a:redhat:openstack:12:::::::*

Rows per page:

1-10 of 151

CNA Affected

[
  {
    "product": "DPDK",
    "vendor": "Red Hat, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before 18.02.1"
      }
    ]
  }
]